Subject: Re: pine 4.21 port issues?
From: Matt Heckaman (mattARPA.MAIL.NET)
Date: Tue Aug 08 2000 - 13:29:02 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 8 Aug 2000, Robert Watson wrote:
...
: It sounds like a spurious warning from an over-zealous developer that did
: not plan for our mail delivery environment. I haven't been using Pine
: 4.21, but I think this is a warning that can be safely silenced in the
: port, although you probably want to get confirmation from others familiar
: with the Pine and c-client implementations before going ahead with that.

Well, from what Rick was saying in our private conversation and what the
documents say if you read them carefully, pine uses /var/mail for its
locks. My guess is that it assumes since /var/mail is world writable on
most systems it can use it as a temporary directory or something :)

At the very least, they could make more intelligent error messages, i.e.:

if /var/mail is world writable and not sticky, report that error, however
if /var/mail is not world writable report something like,

        "/var/mail is not writable to us, lock failure."

Either way, it's better than screaming "Your mailbox is vulnerable!" I
wonder if anyone would commit that patch if I made it? :)
        
: Robert N M Watson

* Matt Heckaman - mailto:mattlucida.qc.ca http://www.lucida.qc.ca/ *
* GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 *

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (FreeBSD)
Comment: http://www.lucida.qc.ca/pgp

iD8DBQE5kFFvdMMtMcA1U5ARAvwkAJ9+ByzG3BYunXXeMXIEr1lK2tCC0QCfR6Hn
6/rkkJZOvsNFtH2+NDEVhHQ=
=D0Y+
-----END PGP SIGNATURE-----
